Re: Building an IMAP server
Hans Wilmer said:
> Ok, all this sounds good. Cyrus may be the more solid solution at
> least. But some questions come up with it:
as a cyrus user on debian for 2 years now I can say that cyrus 1.5
is a ROCK solid mail server. Extremely fast, reliable, fairly easy
to use, flexible etc. That said, I took a look at possibly replacing
my cyrus 1.5 with a new cyrus 2.0 or 2.1?? from the unofficial debs
and it just looks horrible to me. All this sasl crap, incompadiblities
with LDAP authentication, and the complex install process/configure
process gives it more then 3 strikes in my book. So if/when I decide
to move on it will be to courier.
I originally chose cyrus back in the day(a bit over 2 years ago I
think) because courier as included with debian either did not have
POP3 support, or the POP3 support was alpha/experimental. That is
the only reason, I've stuck with it to date since I've never had
a problem.
below comments are related to cyrus 1.5 which is the current version
in debian 3.0 as well as debian 2.2(nice thing about that was upgrading
didn't have any glitches since the version didn't change at all :) )
> + Given that there are no local users, how do they authenticate to
> access their email via IMAP?
I use LDAP authentication via PAM. I have extensive documentation on
how to setup & deploy such authentication at my LDAP site:
http://howto.aphroland.de/HOWTO/LDAP
> + What's the best way to do backups and restores?
just tar up the user's mail folder(/var/spool/cyrus/mail/user/$USER).
to restore it, extract the tar file, change the file ownership on
all the files to match others(I think its cyrus.mail) incase the
UID/GID is changed(e.g. restoring to another system), su to the user
cyrus and run the command /usr/sbin/reconstruct -m which will rebuild
the mailboxes file(it will scan and see the new mailboxes/mail), then
run /usr/sbin/reconstruct -r user.$USER and that will rebuild that
particular inbox. I have done at least 3 server migrations with cyrus
and all were totally flawless, never a single problem. The process isn't
entirely straightforward(the above is semi complex), but it works,
and works well. Note my command line options for reconstruction may
be incorrect, it's been nearly 6 months since i used it and thats off
the top of my head.
> + Can delivery to local users' ~/Maildir be intermixed with delivery
> to cyrus' own mail storage? Can cyrus access files in ~/Maildir and make
> it accessible by IMAP as it does with mail in its own storage?
not that I know of. Cyrus uses it's own file store mainly for file locking,
e.g. login multiple times to the IMAP server, login multiple times to
the POP server and maintain data integrity. the file formats of
maildir and cyrus are not at all the same, cyrus relies HEAVILY upon
the indexes it generates, without the indexes cyrus will report you have
0 messages despite having all the message files there. Same goes for
if the file permissions are bad.
> + The server will have to accept mail for some.domain.de and
> some.domain.com (whereby the 'some.domain.' part is always the
> same). All users of some.domain.de are the same users as in
> some.domain.com, and the envelope sender and From: information will
> always be user@some.domain.com. So far, that's easy. Can cyrus deal with
> that?
from what I understand in your question, this doesn't involve cyrus at
all, you just tell the MTA which user to deliver the mail to, and
cyrus takes it from there.
> Well, I'm not sure how to handle this in detail on the side of the MTA
> yet (looks like it needs virtual domains), but what about cyrus? Afaics
> yet, such a domain setup would be much easier to maintain when all users
> were real local users. With unreal users and cyrus, I might very well
> get into troubles I cannot quite imagine as of yet --- or into none at
> all as it may be left solely to the MTA to
> handle the different domains/groups of users.
for reference, my home cyrus setup consists of a single account for
authentication, and more then 60 other accounts which have no
associated account(including the one I am posting from). I configured
cyrus to give my primary account full access(via ACLs) to all of these
60+ other mailboxes, each is assigned a unique email address. This
allows me to sort mail server side according to email address, since
there is no way that the current postfix/cyrus can identify which email
address something is sent to(in the case of a mailing list or being BCC'd
etc, though newer versions of it apparently can, I'm stickin to stable).
It also allows me to unsubscribe to my other email boxes and have them
still collect email without it having to show up on my client. It works
extremely well for me. At the moment I am subscribed to 17 other
email "accounts"(with no local associated account). Using squirrelmail
as my mail client, performance is good(provided I don't let mailboxes
get too big).
I haven't tried courier myself yet so can't reccomend for or against
it, I hear it's good, I plan to investigate it further, but for me
at least cyrus 2.x is a real bad solution. It seems flaky & has stupid
dependencies on sasl(I can understand offering support for sasl but
don't force it).
if you use squirrelmail for webmail I reccomend installing php4-apc
it improves SM performance by about 20x on my system.
nate
Reply to: